12404a2d5c
According to the specification, the value of the response header Access-Control-Allow-Headers must contain at least all the values of the request header Access-Control-Request-Headers to be considered a valid request. Before this commit, only the Authorization value was present, which is enough for Firefox but not for Chrome. This should now work as expected.